CVE-2024-47827

{"id": "CVE-2024-47827", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 4.8, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.2}, {"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.7, "attackVector": "ADJACENT_NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.1}]}, "published": "2024-10-28T16:15:03.990", "references": [{"url": "https://github.com/argoproj/argo-workflows/blob/ce7f9bfb9b45f009b3e85fabe5e6410de23c7c5f/workflow/metrics/metrics_k8s_request.go#L75", "tags": ["Product"], "source": "security-advisories@github.com"}, {"url": "https://github.com/argoproj/argo-workflows/commit/524406451f4dfa57bf3371fb85becdb56a2b309a", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/argoproj/argo-workflows/pull/13641", "tags": ["Issue Tracking", "Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-ghjw-32xw-ffwr", "tags": ["Vendor Advisory"], "source": "security-advisories@github.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-1108"}, {"lang": "en", "value": "CWE-362"}]}], "descriptions": [{"lang": "en", "value": "Argo Workflows is an open source container-native workflow engine for orchestrating parallel jobs on Kubernetes. Due to a race condition in a global variable in 3.6.0-rc1, the argo workflows controller can be made to crash on-command by any user with access to execute a workflow. This vulnerability is fixed in 3.6.0-rc2."}, {"lang": "es", "value": "Argo Workflows es un motor de flujo de trabajo nativo de contenedores de c\u00f3digo abierto para orquestar trabajos paralelos en Kubernetes. Debido a una condici\u00f3n de ejecuci\u00f3n en una variable global en 3.6.0-rc1, cualquier usuario con acceso para ejecutar un flujo de trabajo puede hacer que el controlador de flujos de trabajo de Argo se bloquee cuando as\u00ed lo ordene. Esta vulnerabilidad se solucion\u00f3 en 3.6.0-rc2."}], "lastModified": "2024-11-05T16:50:27.330", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:argo_workflows_project:argo_workflows:3.6.0:rc1:*:*:*:kubernetes:*:*", "vulnerable": true, "matchCriteriaId": "EACC9ADA-86E2-4292-8389-3243F03238D0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}